源码安装bind
1.准备源码包:
bind官网:http://www.isc.org/downloads/bind/
[root@dns1 ~]#ll-rw-r--r-- 1 root root 8356463 Dec 11 11:16 bind-9.10.1-P1.tar.gz
2.编译环境正常,未安装rpm的bind程序包
[root@dns1 ~]#yumgroupinstall Development tools[root@dns1 ~]#yumgroupinstall Server Platform Development[root@dns1 ~]# rpm-qa bind[root@dns1 ~]#
3.编译安装源码包:
解压源码:
[root@dns1 ~]#tar jxf bind-9.10.1-P1.tar.gz[root@dns1 ~]#cd bind-9.10.1-P1[root@dns1bind-9.10.1-P1]#
可以从中获取帮助:
[root@dns1bind-9.10.1-P1]#./configure --help |less
编译:设置安装路径,程序配置文件路径,禁用Ipv6,禁用chroot,允许多线程
[root@dns1bind-9.10.1-P1]#./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
我这里编译出现了错误,依赖openssl-devel的包:
[root@dns1bind-9.10.1-P1]#yum install openssl-devel
重新编译:
[root@dns1bind-9.10.1-P1]#./configure --prefix=/usr/local/bind --sysconfdir=/etc/named/ --disable-ipv6 --disable-chroot --enable-threads
安装程序:
[root@dns1bind-9.10.1-P1]#make && make install
4.尽量加入系统用户named来管理bind
[root@dns1 ~]#groupadd -r -g 53 named[root@dns1 ~]# useradd-r -g named -u 53 named
5.下面即将进行的步骤:
导出程序路径至PATH中
导出帮助文件
导出库文件和头文件:
如果开发没用使用其中的库就不用导出
[root@dns1 ~]#ls /usr/local/bind/sbin/arpaname dnssec-revoke lwresd named-rrcheckerddns-confgen dnssec-settime named nsec3hashdnssec-dsfromkey dnssec-signzone named-checkconf rndcdnssec-importkey dnssec-verify named-checkzone rndc-confgendnssec-keyfromlabel genrandom named-compilezone tsig-keygendnssec-keygen isc-hmac-fixup named-journalprint[root@dns1 ~]#ls /usr/local/bind/bin/bind9-config delv dig host isc-config.sh nslookup nsupdate [root@dns1 ~]#vim .bash_profilePATH=$PATH:$HOME/bin:/usr/local/bind/bin:/usr/local/bind/sbin[root@dns1 ~]#source .bash_profile
6.源码安装是没有任何配置文件和服务脚本的哦!
#ls/etc/named/ 主配置文件#ls/var/named/ 区域解析库文件#ls/etc/rc.d/init.d 启动脚本
我们自己来编写配置文件和服务脚本哦!
[root@dns1 ~]#mkdir /var/named[root@dns1 ~]#cd /var/named
访问一个能访问的DNS获取根区域文件:
[root@dns1named]# dig -t NS . @172.16.0.1 >/var/named/named.ca[root@dns1named]# lsnamed.ca
编辑好本地解析库文件:
[root@dns1 named]# vim named.localhost$TTL 1D@ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H) ; minimum NS @ A 127.0.0.1
[root@dns1 named]#vi named.loopback$TTL 1D@ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H) ; minimum NS @ A 127.0.0.1 PTR localhost.
权限设置和设置属组为named:
[root@dns1 named]# chmod 640 *[root@dns1 named]# chown :named *[root@dns1 named]# lltotal 12-rw-r----- 1 root named 2100 Dec 11 11:56named.ca-rw-r----- 1 root named 374 Dec 11 11:57 named.localhost-rw-r----- 1 root named 401 Dec 11 11:58 named.loopback
提供主配置文件:named.conf
先设置好rndc密钥配置文件:
[root@dns1 named]# rndc-confgen -r /dev/urandom> /etc/named/rndc.conf
需要将rndc密钥文件配置在named.conf文件中:
[root@dns1 named]# cat /etc/named/named.conf options { directory "/var/named";}; zone "." IN { type hint; file "named.ca";}; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; };}; zone "0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; };}; # Use with the following in named.conf,adjusting the allow list as needed: key"rndc-key" { algorithm hmac-md5; secret "4a8/AsRRQ5OH5a0oRaBeAg=="; };# controls{ inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };#End of named.conf
设置好文件的权限和属组:
[root@dns1 named]# chmod 640 /etc/named/*[root@dns1 named]# chown :named /etc/named/*[root@dns1 named]# ll /etc/named/total 12-rw-r----- 1 root named 2389 Dec 11 11:29bind.keys-rw-r----- 1 root named 545 Dec 11 12:09 named.conf-rw-r----- 1 root named 479 Dec 11 12:01 rndc.conf
7.到这里我们其实可以启动named服务了!
但是有些复杂,只说一些命令哦!
查看帮助文件
#ls /usr/local/bind9/share/man#man -M /usr/local/bind9/share/man named
前台启动,日志也在前台记录
[root@dns1 named]# named -u named –g
使其在后台运行:
[root@dns1 named]# named -u named
查看启动状态:
[root@dns1 named]# ss -tunl |grep :53udp UNCONN 0 0 172.16.31.100:53 *:* udp UNCONN 0 0 127.0.0.1:53 *:* tcp LISTEN 0 10 172.16.31.100:53 *:* tcp LISTEN 0 10 127.0.0.1:53 *:* tcp LISTEN 0 128 :::53887 :::* [root@dns1 named]# ps aux |grep namednamed 18870 0.0 1.1 13××× 11848 ? Ssl 12:23 0:00 named -u namedroot 18883 0.0 0.0 103252 824 pts/1 S+ 12:24 0:00 grep named
关闭named服务:
[root@dns1 named]# killall named[root@dns1 named]# ps aux |grep namedroot 18887 0.0 0.0 103252 824 pts/1 S+ 12:24 0:00 grep named
8.我们现在来实现加入区域:
[root@dns1 named]# vim /etc/named/named.confzone "oracle.com" IN { type master; file "oracle.com.zone";};
设置区域正向区域解析库文件:
[root@dns1 named]#vim /var/named/oracle.com.zone$ORIGIN oracle.com.@ IN SOA ns.oracle.com. root.oracle.com. ( 2014121101 ;serial 1D ;refresh 5M ;retry 1W ;expiry 1H) ;minimum@ IN NS ns.oracle.com. IN MX 5 mail.oracle.com.ns IN A 172.16.31.100www IN A 172.16.31.100www IN A 172.16.31.101mail IN A 172.16.31.100pop3 IN CNAME mailiamp4 IN CNAME mail
设置好权限和属组:
[root@dns1 named]# chmod 640 oracle.com.zone [root@dns1 named]# chown :named oracle.com.zone
启动named服务:
[root@dns1 named]# named -u named
查看日志:
[root@dns1 named]# tail /var/log/messages Dec 11 12:33:41 dns1 named[18945]: automaticempty zone: 8.B.D.0.1.0.0.2.IP6.ARPADec 11 12:33:41 dns1 named[18945]: commandchannel listening on 127.0.0.1#953Dec 11 12:33:41 dns1 named[18945]: the workingdirectory is not writableDec 11 12:33:41 dns1 named[18945]:managed-keys-zone: loaded serial 0Dec 11 12:33:41 dns1 named[18945]: zonelocalhost/IN: loaded serial 0Dec 11 12:33:41 dns1 named[18945]:oracle.com.zone:2: no TTL specified; using SOA MINTTL insteadDec 11 12:33:41 dns1 named[18945]: zoneoracle.com/IN: loaded serial 2014121101Dec 11 12:33:41 dns1 named[18945]: zone0.0.127.in-addr.arpa/IN: loaded serial 0Dec 11 12:33:41 dns1 named[18945]: all zonesloadedDec 11 12:33:41 dns1 named[18945]: running
可以查询了:
[root@dns1 named]# dig -t A www.oracle.com@172.16.31.100 ; <<>> DiG9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> -t A www.oracle.com@172.16.31.100;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY,status: NOERROR, id: 15903;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2,AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION:;www.oracle.com. IN A ;; ANSWER SECTION:www.oracle.com. 3600 IN A 172.16.31.101www.oracle.com. 3600 IN A 172.16.31.100 ;; AUTHORITY SECTION:oracle.com. 3600 IN NS ns.oracle.com. ;; ADDITIONAL SECTION:ns.oracle.com. 3600 IN A 172.16.31.100 ;; Query time: 0 msec;; SERVER: 172.16.31.100#53(172.16.31.100);; WHEN: Thu Dec 11 12:37:19 2014;; MSG SIZE rcvd: 97
成功了哦!
9.下面就可以进行服务启动脚本的书写了:
我们先将bind的帮助文件写进/etc/man.config进行调用:
方便named服务启动后生成pid文件:
[root@dns1 named]# chown named:named/usr/local/bind/var/run/ [root@dns1 named]# touch /var/lock/subsys/named[root@dns1 named]# touch /etc/rc.d/init.d/named[root@dns1 named]# chmod 755/etc/rc.d/init.d/named
[root@dns1 named]# vim /etc/rc.d/init.d/named#!/bin/bash# named a network name service.# chkconfig: 345 35 75# description: a name serverpidfile=/usr/local/bind/var/run/named/named.pidlockfile=/var/lock/subsys/namedconffile=/etc/named/named.confnamed=/usr/local/bind/sbin/namedprog=named [ -r /etc/rc.d/init.d/functions ] && ./etc/rc.d/init.d/functions start() { if [ -e $lockfile ] ; then echo -n -e "$prog is already running.\n" warning echo -n -e \n exit 0 fi echo -n "Starting $prog:" daemon --pidfile $pidfile $named -u named -c $conffile tetval=$? echo if [[ $retval -eq 0 ]] ; then touch $lockfile return $retval else rm -f $lockfile $pidfile return 1 fi} stop() { if [ ! -e $lockfile ] ; then echo -n "$prog is stopped." warning echo exit 0 fi echo -n "Stopping $prog:" killproc $prog retval=$? echo if [[ $retval -eq 0 ]] ; then rm -f $lockfile $pidfile return 0 else echo "Can't stop $prog" return 1 fi} restart() { stop start} reload() { echo -n "Reload the $prog:" killproc -HUP $prog retval=$? echo return $retval} status() { if pidof $prog &>/dev/null; then echo -n "$prog is running." success echo else echo -n "$prog is stopped." success echo fi} usage() { echo "Usage:named {start|stop|status|reload|restart}"} case $1 instart) start;;stop) stop;;restart) restart;;status) status;;reload) reload;;*) usage exit 1 ;;esac
有个bug,warning函数会覆盖前面的输出
我怀疑是warning函数的问题!
就不管了o(∩_∩)o 哈哈
10.最后介绍一下DNS下面的压力测试工具:queryperf
实际测试要考虑带宽哦!
[root@dns1bind-9.10.1-P1]# ls contribdane idn perftcpdns queryperf scripts zkt-1.1.2dlz nslint-3.0a2 query-loc-0.4.0 README sdb[root@dns1bind-9.10.1-P1]# cd contrib/queryperf/[root@dns1queryperf]# lsconfig.h.in configure.in Makefile.in queryperf.c utilsconfigure input missing README
简单编译安装:
[root@dns1 queryperf]# makeroot@dns1 queryperf]# ./configure
复制命令到bin下:
[root@dns1 queryperf]# cp queryperf /bin/
开始压力测试:
queryperf [-d datafile] [-s server_addr] [-p port] [-qnum_queries] [-b bufsize] [-t timeout] [-n] [-l limit] [-f family] [-1] [-i interval] [-r arraysize] [-u unit] [-H histfile] [-T qps] [-e] [-D] [-R] [-c] [-v] [-h]常用选项:-d datefile:选择要解析域名集合的文件,对哪些区域进行测试-s server_addr:指定压力测试的服务器
我们需要建立一个解析域名集合的文件:
例如:
[root@dns1 ~]#vi test.txtwww.oracle.com Amail.oarcle.com Aoracle.com NSoracle.com MXpop3.oracle.com Aiamp4.oracle.com Awww.oracle.com Amail.oarcle.com Aoracle.com NSoracle.com MXpop3.oracle.com Aiamp4.oracle.com A
简单测试一下哦!
[root@dns1 ~]# queryperf -d test.txt -s172.16.31.100 DNS Query Performance Testing ToolVersion: $Id: queryperf.c,v 1.12 2007/09/0507:36:04 marka Exp $ [Status] Processing input data[Status] Sending queries (beginning with172.16.31.100)[Timeout] Query timed out: msg id 2[Timeout] Query timed out: msg id 8[Status] Testing complete Statistics: Parseinput file: once Endeddue to: reaching end of file Queriessent: 12 queries Queriescompleted: 12 queries Querieslost: 0 queries Queriesdelayed(?): 0 queries RTTmax: 0.004873 sec RTTmin: 0.000074 sec RTTaverage: 0.001751 sec RTT stddeviation: 0.001375 sec RTT outof range: 0 queries Percentage completed: 100.00% Percentage lost: 0.00% Startedat: Thu Dec 11 14:05:39 2014 Finished at: Thu Dec 1114:05:44 2014 Ranfor: 5.004047 seconds Queriesper second: 2.398059 qps
机器不咋的,处理的慢。
到这里源码安装Bind的介绍就结束了,shell脚本构建服务还是不熟练!